Sha256: 71874662f60a74f95ffc809e502f9f8ed39036d254c5567a0f7bc5af8fae76d8

Contents?: true

Size: 1.98 KB

Versions: 15

Compression:

Stored size: 1.98 KB

Contents

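module Kafka
  module Sasl
    # Client side of a SASL GSSAPI handshake, driven through
    # +GSSAPI::Simple+ from the optional `gssapi` gem (loaded lazily on the
    # first call to #authenticate!).
    class Gssapi
      # SASL mechanism name reported by #ident.
      GSSAPI_IDENT = "GSSAPI".freeze

      # Passed as the second argument to wrap_message/unwrap_message.
      # With +false+ the handshake messages are handled "with integrity
      # only": GSSAPI does not encrypt them. Any confidentiality therefore
      # has to come from the transport underneath (e.g. TLS).
      GSSAPI_CONFIDENTIALITY = false

      # @param logger [#debug, #error] receives diagnostics
      # @param principal [String, nil] principal handed to GSSAPI::Simple and
      #   appended to the final handshake message
      # @param keytab [String, nil] handed to GSSAPI::Simple unchanged
      def initialize(logger:, principal:, keytab:)
        @logger = logger
        @principal = principal
        @keytab = keytab
      end

      # @return [Boolean, nil] truthy only when a non-empty principal was given
      def configured?
        @principal && !@principal.empty?
      end

      # @return [String] the SASL mechanism identifier
      def ident
        GSSAPI_IDENT
      end

      # Runs the GSSAPI exchange against +host+ over the given encoder/decoder.
      #
      # @param host [String] passed to GSSAPI::Simple when creating the context
      # @param encoder [#write, #write_bytes] outgoing side of the connection
      # @param decoder [#bytes] incoming side of the connection
      # @raise [Kafka::Error] if the peer sends no token, the context check
      #   fails, or the final handshake message is missing
      # @raise [LoadError] if the `gssapi` gem is not installed
      def authenticate!(host, encoder, decoder)
        load_gssapi
        initialize_gssapi_context(host)

        @encoder = encoder
        @decoder = decoder

        # send gssapi token and receive token to verify
        token_to_verify = send_and_receive_sasl_token

        # A missing reply must fail closed. init_context(nil) is the call that
        # *starts* a context (see #initialize_gssapi_context), so handing it a
        # nil token here would begin a fresh negotiation instead of checking
        # anything the peer sent. An empty reply is rejected for the same reason.
        if token_to_verify.nil? || token_to_verify.empty?
          raise Kafka::Error, "GSSAPI negotiation failed."
        end

        # verify incoming token
        # NOTE(review): only truthiness is tested. If init_context can return a
        # continuation token (a String) rather than a completion indicator,
        # that would also pass here -- confirm against the gssapi gem.
        unless @gssapi_ctx.init_context(token_to_verify)
          raise Kafka::Error, "GSSAPI context verification failed."
        end

        # we can continue, so send OK
        # pack('l>c') emits a 32-bit big-endian 0 followed by a single byte 2.
        @encoder.write([0, 2].pack('l>c'))

        # read wrapped message and return it back with principal
        handshake_messages
      end

      # Reads one wrapped message, unwraps it, appends the principal, wraps
      # the result again and writes it back.
      #
      # @raise [Kafka::Error] if no message could be read
      def handshake_messages
        msg = @decoder.bytes
        raise Kafka::Error, "GSSAPI negotiation failed." unless msg

        # unwrap with integrity only
        msg_unwrapped = @gssapi_ctx.unwrap_message(msg, GSSAPI_CONFIDENTIALITY)
        # The unwrapped bytes are echoed back unchanged, followed by the principal.
        msg_wrapped = @gssapi_ctx.wrap_message(msg_unwrapped + @principal, GSSAPI_CONFIDENTIALITY)
        @encoder.write_bytes(msg_wrapped)
      end

      # Writes the initial client token and reads the peer's reply.
      #
      # @return [String, nil] whatever the decoder yields; may be nil
      def send_and_receive_sasl_token
        @encoder.write_bytes(@gssapi_token)
        @decoder.bytes
      end

      # Requires the `gssapi` gem on demand so it stays an optional dependency.
      #
      # @raise [LoadError] re-raised after logging when the gem is missing
      def load_gssapi
        require "gssapi"
      rescue LoadError
        @logger.error "In order to use GSSAPI authentication you need to install the `gssapi` gem."
        raise
      end

      # Creates the GSSAPI context for +host+ and stores the initial token
      # that #send_and_receive_sasl_token will transmit.
      #
      # @param host [String] passed to GSSAPI::Simple
      def initialize_gssapi_context(host)
        @logger.debug "GSSAPI: Initializing context with #{host}, principal #{@principal}"

        @gssapi_ctx = GSSAPI::Simple.new(host, @principal, @keytab)
        # nil input token: this call starts the context and yields the first token.
        @gssapi_token = @gssapi_ctx.init_context(nil)
      end
    end
  end
end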

Version data entries

15 entries across 15 versions & 1 rubygems

Version Path
ruby-kafka-0.6.0.beta4 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.6.0.beta3 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.6.0.beta2 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.6.0.beta1 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.5 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.4 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.4.beta1 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.3 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.2 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.2.beta3 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.2.beta2 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.2.beta1 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.1 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.1.beta2 lib/kafka/sasl/gssapi.rb
ruby-kafka-0.5.1.beta1 lib/kafka/sasl/gssapi.rb